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Educated  and  Trained  Information  Assurance  Workforce: 

Key  to  Our  Mission  Success 

George  Bieber 

Director,  Information  Assurance  Workforce  Improvement  Program 

The  article  summarises  the  DoD's  strategic  lA  workforce  objectives,  progress  made  in  2007  toward  implementation,  and  the 
way  ahead  in  2008  and  beyond. 


Just  like  any  organized  structure,  a  high¬ 
ly  networked  systems  environment  is 
only  as  good  as  its  people.  Federal  agen¬ 
cies  and  organizations  are  unable  to  pro¬ 
tect  the  integrity,  confidentiality,  and 
availability  of  information  without  a 
workforce  that  is  adequately  trained  and 
educated  in  lA.  DoDD  8570.1,  lA 
Training,  Certification,  and  Workforce 
Management,  and  its  accompanying  lA 
Workforce  Improvement  Program  (WIP) 
manual  (DoD  8570.01 -M),  represent  the 
first  steps  toward  building  and  making 
professional  the  I A  workforce  within  the 
DoD.' 

The  lA  WIP  implements  the  require¬ 
ments  of  DoDD  8570.1  and  establishes 
the  organization’s  lA  WIP  policy  and 
procedures.  Its  initiatives  are  aligned  to 
the  DoD  Information  Management/IT 
Strategic  Plan.  The  program’s  vision  is  to 
establish  an  lA  professional  workforce 
with  knowledge,  skills  and  abilities  to 
effectively  prevent,  deter,  and  respond  to 
threats  against  DoD  information,  infor¬ 
mation  systems,  and  information  infra¬ 
structures.  Integral  to  this  vision  is  the 
ability  to  effectively  manage  the  I A  work¬ 
force  to  place  people  with  the  right  skills 
in  the  right  place  at  the  right  time. 

The  foundation  to  build  this  capabili¬ 
ty  consists  of  the  following  five  strategic 
lA  workforce  objectives: 

1.  Certify  the  workforce.  Establish 
baseline  certifications  across  the 
enterprise  and  certify  the  workforce 
according  to  those  baselines. 

2.  Manage  the  workforce.  Provide  the 
tools  to  facilitate  both  component 
management  of  its  lA  workforce  and 
the  insight  of  the  OSD  into  DoD’s 
overall  workforce  status  and  certifica¬ 
tion  posture. 

3.  Sustain  the  workforce.  Enable  DoD 
workforce  to  receive  continuous 
learning  opportunities  to  keep  their 
skills  current  to  combat  new  network 
threats. 

4.  Extend  the  discipline.  Infuse  lA 
into  professional  education  programs 
to  expand  operational  leadership’s 
attention  to  the  domain. 

5.  Evaluate  the  workforce.  Establish  a 


means  of  assessing  compliance  and 
measuring  program  effectiveness. 

Milestones  to  Success 

The  2007  calendar  year  marked  the  con¬ 
clusion  of  the  first  year  of  a  four-year 
implementation  plan  for  the  lA  WIP. 
Significant  milestones  were  met  through¬ 
out  the  year  within  each  strategic  objective 
area.  The  following  are  a  few  of  these 
important  milestones: 

•  The  DoD  met  its  goal  to  certify  10 
percent  of  the  lA  workforce  for 
2007.  The  CIO  DIAP,  charged  with 
the  oversight  of  the  I A  WIP,  put  in 
place  a  number  of  initiatives  to  assist 
DoD  component  lA  managers  and 
personnel  to  achieve  this  goal  includ¬ 
ing  certification  self-assessment  pro¬ 
grams.  For  example,  the  International 
Information  Systems  Security 
Certifications  Consortium  (ISC2)  Self 
Assessment  Program  for  the  DoD, 
provided  Certification  Information 
System  Security  Professional  (CISSP) 
candidates  access  to  practice  exam 
questions  that  yielded  measurable 
results  for  students  to  assess  their  level 
of  preparedness.  Self-assessment  pro¬ 
grams  are  also  available  for  students 
seeking  Global  Information  Assurance 
Certification,  Information  Systems 
Audit  and  Control  Association,  and 
Computing  Technology  Industry 
Association  certifications. 

•  The  CIO  DIAP  put  the  enterprise¬ 
wide  concept  into  practice  by 
developing  and  conducting  a  cer¬ 
tification  voucher  program  on 
behalf  of  the  DoD  components 
(known  as  the  Voucher  Pilot 
Program).  Personnel  certification 
requirements  were  gathered  from  the 
components  and  coordinated  with 
commercial  certification  providers  in 
the  form  of  bulk  voucher  purchases. 
The  Personnel  Certification  Support 
System  (PCSS),  an  online  voucher 
management  system,  maintained  all 
voucher  allocation  and  distribution 
information  for  each  component. 
The  PCSS  will  continue  to  be  used 
for  the  second  year  of  implementa¬ 


tion  as  an  effective  tool  to  manage 
certification  vouchers. 

•  Upgrades  to  the  Defense  Civilian 
Personnel  Data  System  (DCPDS) 
are  complete  and  the  lA  personnel 
data  entry  process  is  under  way. 
Components  must  now  enter  all  rele¬ 
vant  civilian  lA  workforce  data  into 
the  DCPDS  including  lA  positions 
held  and  appropriate  training  and  cer¬ 
tification  requirements.  This  milestone 
achievement  brings  components  a  step 
closer  to  more  effective  civilian  work¬ 
force  management.  Increased  work¬ 
force  management  provides  leadership 
with  assurance  that  qualified  I A  per¬ 
sonnel  are  filling  lA  positions. 

•  The  Defense  Federal  Acquisition 
Regulation  Supplement  (DFARS) 
required  by  DoD  Directive  8570.1  is 
officially  approved  and  can  be  used 
in  new  solicitations  and  resulting 
contracts.  The  new  clause  was  pub¬ 
lished  in  the  January  10,  2008  issue  of 
the  Federal  Register.  The  announce¬ 
ment  included  actual  wording  for  the 
clause  regarding  lA  contractor  training 
certification.  DFARS  guidance  in¬ 
structs  that  any  modifications  to  exist¬ 
ing  contracts  will  have  to  be  negotiat¬ 
ed  with  the  contractor.^ 

•  DISA-supported  enhancements  of 
the  Carnegie  Mellon  University 
developed  Virtual  Training  En¬ 
vironment  (VTE)  to  provide  train¬ 
ing  to  meet  DoDD  8570  require¬ 
ments.  The  CIO  DIAP  has  funded 
specific  training  and  lab  capabilities  for 
this  program,  making  it  available  at  no 
cost  to  10  percent  of  DoD  personnel 
in  2007.  The  VTE  is  a  resource  to 
DoD  employees  for  information 
assurance,  incident  response  and  com¬ 
puter  forensic  training,  with  close  to 
600  hours  of  materials  available.  The 
environment  delivers  classroom 
instruction  and  self-paced  online  train¬ 
ing  for  CompTIA  security+  and  ISC2 
CISSP  to  name  a  few.  Seven  DoD 
8570.01 -M  role-based  optional  courses 
are  currently  available  for  personnel. 
Additional  training  courses  will  be 
offered  in  the  near  future. 
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•  In  fiscal  year  2007,  29  students 
graduated  from  the  program  and 
are  currently  working  full  time  in 
lA  strategic  positions  across  the 
DoD.  The  DoD  lA  scholarship  pro¬ 
gram  awarded  269  scholarships  to 
students  seeking  bachelor’s,  mas¬ 
ter’s  and  doctorate  degrees  in  lA 
fields  of  study  since  the  program’s 
inception  in  2001.  The  DoD  lA 
Scholarship  Program  (lASP)  awarded 
269  scholarships.  In  fiscal  year  2007, 
29  students  graduated.  The  lASP  pro¬ 
vides  educational  incentives  to  foster 
the  recruitment  and  retention  of  qual¬ 
ified  lA/IT  personnel.  As  a  resource 
for  DoD  lA  professionals  to  continu¬ 
ously  enhance  their  skills  and  to  keep 
current  with  technology  and  threats, 
the  lASP  supports  the  lA  WIP  strate¬ 
gic  objective  to  sustain  the  workforce.^ 

Monitor  Success 

As  the  message  about  the  lA  WIP  pro¬ 
gram  disseminates  across  the  DoD,  the 
goals  become  more  rigorous  and  the  mis¬ 
sion  more  clear.  The  second  year  (2008)  of 
the  program’s  implementation  includes 
the  following  new  challenging  milestones: 

•  By  the  end  of  2008,  40  percent  of  the 
DoD  workforce  must  be  certified 
according  to  DoD  8570.01 -M  baseline 
policy  requirements. 

•  New  specialty  positions  were  pro¬ 


posed  for  integration  into  a  second 
change  to  the  8570.01 -M  including 
C&A  and  software  application  devel¬ 
opers.  SME  working  groups  will  be 
organized  to  focus  on  the  strategy  and 
planning  to  execute  these  proposed 
changes. 

•  The  strategic  I A  workforce  objective, 
Evaluate  the  Workforce,  will  play  a  greater 
role  in  program  activities.  The  first  lA 
WIP  site  review  will  be  conducted  in 
the  first  quarter  of  2008.  The  intent  of 
these  site  reviews  is  to  verify  DoD 
component  compliance  with  require¬ 
ments  of  DoDD  8570.1  and  8570.01- 
M.  Furthermore,  on-site  inspections 
provide  the  opportunity  for  the  DIAP 
to  assess  the  level  of  effectiveness  of 
the  lA  WIP  at  the  operational  level. 

Achieve  Success 

Ultimately,  the  DIAP  seeks  to  foster  con¬ 
tinued  improvement  throughout  each  year 
of  the  program’s  lifecycle.  The  implemen¬ 
tation  planning  strategy  of  the  lA  WIP 
dictates  a  continuous  cycle  of  milestone 
achievement,  benefits  actualization,  over¬ 
sight,  and  improvement.  Adherence  to 
this  planning  strategy  will  result  in  a  better 
trained,  certified,  and  professional  DoD 
I A  workforce.  Results  will  yield  a  more 
capable  workforce  —  and  the  more  capa¬ 
ble  the  workforce,  the  more  likely  it  is  to 
achieve  DoD  mission  success.^ 


Notes 

1.  Supporting  documents  can  be  found 
at  <www.whs.mil>. 

2.  The  full  guidance  can  be  found  at 
<www.acq.osd.mil/ dpap/dars/dfars 
pgi/ current/index.html>. 

3.  More  information  about  the  I  ASP  can 
be  found  at  <www.defenselink.mil/ 
cio-nii/iasp>. 
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Acronym  Key  for  This  Issue 


AIS: 

C&A: 

CIO: 

CNSS: 

DASD(IIA): 

DIACAP: 

DIAP: 

DISA: 

DNI: 

DoD: 

GIAP: 

GIG: 

lA: 

1C: 

INFOSEC: 

IT: 

Nil: 

NSA: 

NSS: 

R&D: 

SME: 

UCDMO: 

USG: 


Assured  Information  Sharing 

Certification  and  Accreditation 

Chief  information  Officer 

Committee  on  Nationai  Security  Systems 

Deputy  Assistant  Secretary  of  Defense  for 

Information  and  identity  Assurance 

DoD  Information  Assurance  Certification  and 

Accreditation  Process 

Defense  Information  Assurance  Program 

Defense  Information  Systems  Agency 

Director  of  National  Intelligence 

Department  of  Defense 

GIG  lA  Portfolio  (Management) 

Globai  information  Grid 

Information  Assurance 

Inteliigence  Community 

Information  Security 

Information  Technoiogy 

Networks  and  Information  Integration 

Nationai  Security  Agency 

Nationai  Security  Strategy 

Research  and  Development 

Subject  Matter  Expert 

Unified  Cross  Domain  Management  Office 

United  States  Government 


